Update: Even after doing all this the system still locks up randomly when using the amdgpu driver.
I’m running dual AMD FirePro W2100 driving 3 monitors in my workstation. Since installing the cards I’ve been suffering random freezes/graphical lockups that seemed to be related to 3D. They occurred typically during an animation in gnome-shell, or when using Firefox or Chrome with hardware acceleration. Most times, I was able to recover by logging in to the machine via ssh and sending killall -HUP to the appropriate process (usually gnome-shell). Every time this happened, syslog would be full of GPU faults:
[ 2482.763707] radeon 0000:02:00.0: GPU fault detected: 146 0x0468100c
[ 2482.763708] radeon 0000:02:00.0: VM_CONTEXT1_PROTECTION_FAULT_ADDR 0x0011173E
[ 2482.763709] radeon 0000:02:00.0: VM_CONTEXT1_PROTECTION_FAULT_STATUS 0x0805000C
[ 2482.763710] VM fault (0x0c, vmid 4) at page 1120062, read from CB (80)
[ 2482.763713] radeon 0000:02:00.0: GPU fault detected: 146 0x0408500c
[ 2482.763714] radeon 0000:02:00.0: VM_CONTEXT1_PROTECTION_FAULT_ADDR 0x00111744
[ 2482.763715] radeon 0000:02:00.0: VM_CONTEXT1_PROTECTION_FAULT_STATUS 0x0805000C
[ 2482.763717] VM fault (0x0c, vmid 4) at page 1120068, read from CB (80)
I tried updating my kernel (going from Ubuntu 18.04 to 18.10 and even reinstalling with Pop!_OS 18.10 than 19.04) and updating graphics drivers using the oibaf ppa, to no avail. Finally found what seems to be the solution on HackerNews (thanks danieldk) – force the use of the newer amdgpu driver rather than the older radeon driver. The W2100 is a first-generation GCN chip and so is supported by both drivers, and radeon is chosen as the default. To force amdgpu, you need to pass the kernel flags
amdgpu.si_support=1 radeon.si_support=0 amdgpu.cik_support=1 radeon.ciksupport=0
In Ubuntu, add these to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub, then run update_grub. Pop!_OS doesn’t use grub, so you need to add each flag using kernelstub -a amdgpu.si_support=1 and repeating for each of the 4.
So far, my system seems stable since this change. I will update this post if anything changes.
Oracle have decided to disable access to Java apps that use MD5withRSA signatures. For instance, when launching the .jnlp file to connect to my Lantronix Spider remote KVM, I am presented with this error:
To fix this, we have to change Java’s security settings. Unfortunately, settings for signature algorithms are not in the Java Control Panel, so we have to edit the config files directly.
On macOS, the default JRE installation’s root directory ($JAVA_HOME) is
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home
on Windows, it would be
C:\Program Files\Java\jre1.8.0_131
where “1.8.0_131” is your specific Java version, and on Linux, JRE is installed in
/usr/lib/jvm/java-1.7.0-openjdk-amd64
once again where “1.7.0-openjdk-amd64” is your specific Java version.
In the JRE directory, we then need to edit the file
$JAVA_HOME/lib/security/java.security
and comment out the line that starts with “jdk.jar.disabledAlgorithms” by prefixing a #. Note that this will allow jar files signed with any algorithms to run, which can be considered insecure.
Sources:
- https://learningintheopen.org/2017/11/03/java-jnlp-error-weak-signature-algorithm-md5withrsa/
- https://stackoverflow.com/questions/15826202/where-is-java-installed-on-mac-os-x
After installing Wine in Ubuntu Gnome 17.04, I noticed that double-clicking on .exe files in Nautilus still opened them in Archive Manager. I tried the usual right-click > Properties > Open With, but Wine was not listed as an available option.
It turns out that in the Wine package for Ubuntu 17.04, the wine.desktop file is not created in /usr/share/applications, and so does not show up in the Gnome GUI. To make things work, we need to copy the wine.desktop file from /usr/share/doc/wine-stable/examples/ to /usr/share/applications/
sudo cp /usr/share/doc/wine-stable/examples/wine.desktop /usr/share/applications/
Then edit the .desktop file to unhide it from the menus –
sudo nano /usr/share/applications/wine.desktop
Change NoDisplay=true to NoDisplay=false
Now, “Wine Windows Program Loader” is available as a choice in the Properties > Open With list.
When setting up Postfix on Ubuntu/Debian as “Internet Site with smarthost” to use an external smtp relay, automatic e-mails intended for “root” (such as cron job error reports) get sent out to the smarthost with a To: address of [email protected] This can cause a problem as the smarthost doesn’t know where to deliver these messages to, since myhost.mydomain.com has no MX record.
The fix for this is (go figure) in the Postfix README:
Delivering some but not all accounts locally
A drawback of sending mail as “[email protected]m” (instead of “[email protected]”) is that mail for “root” and other system accounts is also sent to the central mailhost. In order to deliver such accounts locally, you can set up virtual aliases as follows:
1 /etc/postfix/main.cf:
2 virtual_alias_maps = hash:/etc/postfix/virtual
3
4 /etc/postfix/virtual:
5 root [email protected]
6 . . .
Translation:
Execute the command “postmap /etc/postfix/virtual” after editing the file.
Oddly, just adding the line
root: [email protected]
to /etc/aliases doesn’t work. You really need to do the steps outlined in the manual.
It’s really cool what we can do with computers these days. I generally take technology for granted, but sometimes I am just in awe of what is possible.
With the ubiquity of the Internet
It’s all too easy to forget
How amazing it is, that with relative ease –
Just a few strokes of the keys
A sysadmin can ssh to a box running Unix
On the other side of the world, or just across town.
And with just a few clicks
Bounce that Windows box that’s gone down.
Image credit: https://www.flickr.com/photos/stars6/4381851322/
I feel ready for the OPS235 exam. There are a few areas I need to brush up on, but overall I feel I have a grasp of most of the course content.
Strengths
- CentOS installation
- KVM administration via GUI
- Package/software installation and updates
- tar and file archiving/management
- fstab and partition management
Weaknesses
- Knowledge of specific commands and arguments/switches (rely on man pages)
- iptables syntax
- lvm commands
- CentOS/RedHat-specific commands and conventions (used to Debian/Ubuntu)
- SELinux
- Memorization of .conf file structures
Exam review topics
- KVM network configuration
- User and group management
Software installed
Apache
Apache is an open-source web server software maintained by the Apache Software Foundation and the open-source community. It can be extended using modules, and is well-documented and well-supported. It is usually the de-facto standard Web server on Linux, although lately new and customized Web servers such as nginx have been becoming more popular for dynamic, high-traffic sites.
PHP
PHP is a server-side scripting language mainly used for web development. By writing PHP rather than plain HTML, developers are able to create pages that are dynamically generated by the server on the fly depending on parameters provided. The Zend PHP interpreter is open-source software, and is available as a module for multiple Web servers on Linux, Windows, BSD and other OSes.
MySQL
MySQL is an open source relational database management system (RDBMS). It is open-source software, released under the GPL and sponsored by Oracle Corporation. The software is available at no cost, although there are also some paid versions. It has widespread use in Web applications, such as WordPress and MediaWiki, and is also used by large sites such as Facebook and YouTube.
LAMP stack
Together, CentOS (Linux), Apache, MySQL and PHP form an implementation of a LAMP stack. This stack provides a consistent, portable environment for Web developers.
WordPress
WordPress is an open-source blogging platform and CMS. It is written in PHP, and uses a MySQL database for text content storage and metadata. It provides an easy-to-use user interface, and is highly extensible and customizable with a large number of user-creatable themes and plugins. WordPress powers some prominent sites such as Forbes.com, vogue.com and nationalpost.com.
Problems encountered during installation
- The systemctl command was not available, since this install of CentOS is using upstart rather than systemd.
- There was no default index page created during the install of httpd. As a result, accessing HTTP on the Centos3 VM server gave an HTTP error 403 (Access denied) – the default Apache configuration denies directory listings.
- The c6host machine was not able to access the HTTP service on centos3 because its iptables was not configured to allow inbound traffic on port 80.
- When configuring iptables on centos3, running iptables -A INPUT -p tcp –dport 80 -j ACCEPT was notsufficient.
- The -A option appends the rule to the end of the INPUT chain, however, there was a pre-existing explicit rule rejecting all packets.
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
- To move the new rule above the reject rule, the incorrect rule had to be removed by running iptables -D INPUT -p tcp –dport 80 -j ACCEPT
- Then, find the line numbers by running iptables -L –line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
- Use iptables -I INPUT 5 -p tcp –dport 80 -j ACCEPT to insert the new rule above the existing rule 5.
- Running iptables -L –line-numbers again gives the following output:
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
6 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
- The contents of the WordPress .tar.gz file were extracted to /root/wordpress. Moving this directory to /var/www/html resulted in the Apache process not being able to read the wordpress subdirectory. Copying (cp -R) avoids this issue.
- When configuring the WordPress connection to MySQL, the WordPress documentation said to run the query
mysql> GRANT ALL PRIVILEGES ON databasename.* TO "wordpressusername"@"hostname"
-> IDENTIFIED BY "password";
to allow access to the database. However, since the MySQL server and Apache/WordPress are installed on the same host, we need to use “localhost” rather than “centos3” for the hostname.
Not sure of the implications of this/best practices, but I just added
$_SERVER['HTTPS'] = 'on';
to my index.php.
Reason for this is that I am running a php app behind a reverse proxy, with the connection between the app server and the reverse proxy being plain HTTP, but the connection between the client and the reverse proxy is HTTPS.
I don’t really play DVDs on my PCs much anymore, but my brother have me the full boxed set of Freaks and Geeks (great show, cancelled too soon). Running on a fresh install of Ubuntu 14.04, I popped in the DVD and was prompted by “Video Player” aka Totem to install some additional codecs. I obliged, but after the installation, the DVD still wouldn’t play. It turns out that because of legal issues, the libdvdcss2 library is no longer included in the Ubuntu repositories. However, the libdvdread4 package does provide a script to easily install it.
Once you have libdvdread4 installed, run following script:
# sudo /usr/share/doc/libdvdread4/install-css.sh |
# sudo /usr/share/doc/libdvdread4/install-css.sh
Restart your video player and enjoy your DVD.
Comments (1) 
Uncategorized
| 
amd, drivers, linux 
Themocracy